Middleware is logic that is run before and after each request and is modelled after Django’s Middleware system. It offers the following hooks:

beforeController: This is executed before a controller method is being executed. This allows you to plug additional checks or logic before that method, like for instance security checks

afterException: This is being run when either the beforeController method or the controller method itself is throwing an exception. The middleware is asked in reverse order to handle the exception and to return a response. If the middleware can’t handle the exception, it throws the exception again

afterController: This is being run after a successful controllermethod call and allows the manipulation of a Response object. The middleware is run in reverse order

beforeOutput: This is being run after the response object has been rendered and allows the manipulation of the outputted text. The middleware is run in reverse order

To generate your own middleware, simply inherit from the Middleware class and overwrite the methods that should be used.

<?phpnamespaceOCA\MyApp\Middleware;use\OCP\AppFramework\Middleware;classCensorMiddlewareextendsMiddleware{/** * this replaces "bad words" with "********" in the output */publicfunctionbeforeOutput($controller,$methodName,$output){returnstr_replace('bad words','********',$output);}}

The middleware can be registered in the Container and added using the registerMiddleware method:

<?phpnamespaceOCA\MyApp\AppInfo;use\OCP\AppFramework\App;use\OCA\MyApp\Middleware\CensorMiddleware;classMyAppextendsApp{/** * Define your dependencies in here */publicfunction__construct(array$urlParams=array()){parent::__construct('myapp',$urlParams);$container=$this->getContainer();/** * Middleware */$container->registerService('CensorMiddleware',function($c){returnnewCensorMiddleware();});// executed in the order that it is registered$container->registerMiddleware('CensorMiddleware');}}

Note

The order is important! The middleware that is registered first gets run first in the beforeController method. For all other hooks, the order is being reversed, meaning: if a middleware is registered first, it gets run last.

Sometimes its useful to conditionally execute code before or after a controller method. This can be done by defining custom annotations. An example would be to add a custom authentication method or simply add an additional header to the response. To access the parsed annotations, inject the ControllerMethodReflector class:

<?phpnamespaceOCA\MyApp\Middleware;use\OCP\AppFramework\Middleware;use\OCP\AppFramework\Utility\ControllerMethodReflector;use\OCP\IRequest;classHeaderMiddlewareextendsMiddleware{private$reflector;publicfunction__construct(ControllerMethodReflector$reflector){$this->reflector=$reflector;}/** * Add custom header if @MyHeader is used */publicfunctionafterController($controller,$methodName,IResponse$response){if($this->reflector->hasAnnotation('MyHeader')){$response->addHeader('My-Header',3);}return$response;}}

Now adjust the container to inject the reflector:

<?phpnamespaceOCA\MyApp\AppInfo;use\OCP\AppFramework\App;use\OCA\MyApp\Middleware\HeaderMiddleware;classMyAppextendsApp{/** * Define your dependencies in here */publicfunction__construct(array$urlParams=array()){parent::__construct('myapp',$urlParams);$container=$this->getContainer();/** * Middleware */$container->registerService('HeaderMiddleware',function($c){returnnewHeaderMiddleware($c->query('ControllerMethodReflector'));});// executed in the order that it is registered$container->registerMiddleware('HeaderMiddleware');}}